cve/2021/CVE-2021-40690.md

CVE-2021-40690

Description

All versions of Apache Santuario - XML Security for Java prior to 2.2.3 and 2.1.7 are vulnerable to an issue where the "secureValidation" property is not passed correctly when creating a KeyInfo from a KeyInfoReference element. This allows an attacker to abuse an XPath Transform to extract any local .xml files in a RetrievalMethod element.

POC

Reference

• https://www.oracle.com/security-alerts/cpuapr2022.html
• https://www.oracle.com/security-alerts/cpujul2022.html

Github

• https://github.com/ARPSyndicate/cvemon
• https://github.com/RosalindDeckow/java-saml
• https://github.com/SAML-Toolkits/java-saml
• https://github.com/VallieRunte/javascript-web
• https://github.com/onelogin/java-saml